If their only complaint is MD5-based MAC, you should be able to simply add the !MD5 element to your existing cipher suite to meet the recommendation.
That said, I see they complain about the use of the CBC mode as well. Unfortunately, there is no CBC cipher group. The recommendation given to you also does not exclude CBC mode cipherspecs, at least on my version of OpenSSL (1.0.1e). This is a shame. If you need all such ciphers to be excluded, you could exclude all the CBC ones explicitly, though you will have to update that as they are included. Note that even HIGH includes CBC ciphers.
Including both ALL and RC4+RSA is redundant. I would be loath to trust a security consultant (even a computerized one) that cannot even construct a well-formed cipherspec that meets their own recommendations.
The SSLCipherSuite takes an OpenSSL cipher spec. You can find this in the openssl documentation (link), but I find that this documentation is usually quite out of date. However, you can test one by running openssl ciphers ${cipherspec} on your server; output will be a :-separated list of ciphers that would be allowed by the given spec, or an error indicating none were allowed.
Similarly, if you want to know what LOW contains, do:
falcon@tiernyn ~ $ openssl ciphers 'LOW'
EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:ADH-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5
!LOW means to exclude those ones. +HIGH means to prefer the high-security ones in the ordering.
If you want a line-delimited list of all the ciphers that use CBC in your cipherspec, do:
openssl ciphers ${cipherspec} | sed 's/:/\n/g' | grep CBC
Those are the ones you'd have to exclude. You may, however, find it more reasonable to grep -v CBC and include only those (just set them up in a :-delimited list and use that as the cipherspec).
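An added example (not part of the original answer) of building such an explicit list. OpenSSL names for AES-CBC suites, such as ECDHE-RSA-AES256-SHA384 or AES128-SHA, do not contain the string CBC, so this sketch classifies by the absence of an AEAD or stream marker instead; the function names, the naming heuristic and the sample list are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: split an expanded OpenSSL cipher list by bulk-cipher mode.

# Classify one OpenSSL cipher name by its bulk-cipher mode.
# Heuristic (assumption): AEAD suites carry GCM, CCM or CHACHA20 in the name,
# RC4 is a stream cipher, NULL has no encryption; any other suite is treated
# as a block cipher in CBC mode.
cipher_mode() {
  case "$1" in
    *GCM*|*CCM*|*CHACHA20*) echo aead ;;
    *RC4*)                  echo stream ;;
    *NULL*)                 echo null ;;
    *)                      echo cbc ;;
  esac
}

# filter_ciphers <mode> <colon-separated list>: keep only suites of that mode,
# preserving their order, and print them as a colon-separated list.
filter_ciphers() {
  local want="$1" list="$2" out="" name
  local IFS=':'
  for name in $list; do
    [ -n "$name" ] || continue
    if [ "$(cipher_mode "$name")" = "$want" ]; then
      out="${out:+$out:}$name"
    fi
  done
  printf '%s\n' "$out"
}

# Expand a cipherspec with the local openssl binary and keep only AEAD suites
# (this drops CBC, RC4 and NULL). Single-quote the spec when calling it, so
# the shell does not interpret "!".
aead_only_spec() {
  filter_ciphers aead "$(openssl ciphers "$1")"
}

# Constructed sample, shaped like `openssl ciphers` output.
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES128-SHA:DES-CBC3-SHA:ECDHE-RSA-CHACHA20-POLY1305:RC4-SHA'

filter_ciphers cbc  "$SAMPLE"   # CBC suites; only one of them has CBC in its name
filter_ciphers aead "$SAMPLE"   # candidate explicit cipherspec
```

On a server, aead_only_spec 'HIGH:!aNULL:!MD5' prints the list to paste into SSLCipherSuite; rerun it after an OpenSSL upgrade, since the expansion of HIGH changes between versions.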
As explained here you may have to set the ciphers list like this:
sslProtocols = "TLS"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
The first part, ECDHE, specifies what key exchange algorithm should be used. [...]
Next up is the authentication algorithm, RSA. [...]
The bulk cipher, AES128-GCM is the main encryption algorithm and used to encrypt all the traffic. [...]
The last part, SHA256, identifies the message digest in use, which verifies the authenticity of messages.
Best Answer
The cipher suite you are trying to remove is called ECDHE-RSA-AES256-SHA384 by openssl.
Whenever in your list of ciphers appears AES256 not followed by GCM, it means the server will use AES in Cipher Block Chaining mode. This cipher is by no means broken or weak (especially when used with a good hash function like the SHA-2 variants you have in your list). It is just less recommended than Galois Counter Mode.
Before manually choosing your ciphers you should read Mozilla's Server Side TLS page to make an aware choice. E.g. Debian 8 is just 4 years old and it doesn't have openssl version 1.1.
Once you edit your list of cipher suites as you like, you can test the result with: